salacronix 1 Posted ...

This does not actually work as shown. TLS key usage mode only works with TLS Authentication. Auth digest algorithm only works with SHA1 (160 bit). This is with pfSense 2.50 release.

Staff 9973 Posted ...

@salacronix Hello! TLS mode is mandatory because it is required by our servers, and for very good reasons. You can pick between TLS Auth and TLS Crypt. TLS Crypt is recommended, as it encrypts completely the Control Channel (important to prevent detection of OpenVPN handshake "fingerprint" by Deep Packet Inspection).

Kind regards

salacronix 1 Posted ...

> 5 hours ago, Staff said:
> @salacronix Hello! TLS mode is mandatory because it is required by our servers, and for very good reasons. You can pick between TLS Auth and TLS Crypt. TLS Crypt is recommended, as it encrypts completely the Control Channel (important to prevent detection of OpenVPN handshake "fingerprint" by Deep Packet Inspection). Kind regards

I appreciate you chiming in, but I was referencing the guide at https://nguvu.org/pfsense/pfsense-baseline-setup/

In the setup for the VPN the screenshot shows "TLS Encryption and Authentication". That does not work. Only "TLS Authentication" works. Additionally, for Auth digest algorithm he shows SHA512, that does not work. Auth digest algorithm only works with SHA1 (160 bit). If you find this not to be the case, then there is something definitely wrong with pfSense 2.5, and I should probably look for another firewall.

go558a83nk 362 Posted ...

> 5 minutes ago, salacronix said:
> I appreciate you chiming in, but I was referencing the guide at https://nguvu.org/pfsense/pfsense-baseline-setup/ In the setup for the VPN the screenshot shows "TLS Encryption and Authentication". That does not work. Only "TLS Authentication" works. Additionally, for Auth digest algorithm he shows SHA512, that does not work. Auth digest algorithm only works with SHA1 (160 bit). If you find this not to be the case, then there is something definitely wrong with pfSense 2.5, and I should probably look for another firewall.

The guide is for a tls-crypt setup where those settings are what work. What you're missing is that you need to connect to an entry IP 3 or 4. The guide actually says "please double check you select an appropriate ‘tls-crypt, tls1.2’ end point. This is a common source of problems."

salacronix 1 Posted ...

> 1 hour ago, go558a83nk said:
> The guide is for a tls-crypt setup where those settings are what work. What you're missing is that you need to connect to an entry IP 3 or 4. The guide actually says "please double check you select an appropriate ‘tls-crypt, tls1.2’ end point. This is a common source of problems."

Well then that would point to a problem with the AirVPN config generator. In the config it specifically shows the remote as "nl.vpn.airdns.org". Will that return the wrong list of servers?

go558a83nk 362 Posted ...

> 5 minutes ago, salacronix said:
> Well then that would point to a problem with the AirVPN config generator. In the config it specifically shows the remote as "nl.vpn.airdns.org". Will that return the wrong list of servers?

No, the problem is with you unable to follow directions. In the tutorial, the first directive in the "generate AirVPN certificates" section is to enable advanced mode. Have you turned on advanced mode in the config generator?

salacronix 1 Posted ...

> 25 minutes ago, go558a83nk said:
> No, the problem is with you unable to follow directions.

Oh I am completely turned on now. Please continue. You're such a big strong boy. Are you wearing leather?

OpenSourcerer 1435 Posted ...

> 12 minutes ago, salacronix said:
> Are you wearing leather?

Enchanted netherite armor, straight outta hell. Cut the salt, please. You too, Mr. go558a83nk.

> 47 minutes ago, salacronix said:
> Will that return the wrong list of servers?

Yes. To get the tls-crypt address, use nl3.vpn.airdns.org. For more DNS tricks, refer to the server IP FAQ entry. I too believe this to be the reason why it doesn't seem to work, give it a try.

NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

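Added example (not part of any post in this thread, and not AirVPN or pfSense code): a small Python check for the mismatch discussed above, an OpenVPN client config that uses tls-crypt but points at a hostname that is not entry 3 or 4. The `<area><entry>.vpn.airdns.org` pattern beyond the `nl` and `nl3` names given in the thread, the rule that no digit means entry 1, and the sample config with its port are assumptions.

```python
import re

# Constructed sample config (not output of the AirVPN config generator);
# the port and the key placeholder are illustrative only.
SAMPLE_MISMATCH = """\
client
dev tun
remote nl.vpn.airdns.org 443
auth SHA512
<tls-crypt>
(constructed placeholder key)
</tls-crypt>
"""
SAMPLE_OK = SAMPLE_MISMATCH.replace("nl.vpn.airdns.org", "nl3.vpn.airdns.org")

# Assumed naming scheme: <area><entry>.vpn.airdns.org, no digit meaning entry 1.
HOST_RE = re.compile(r"^[a-z-]+(\d?)\.vpn\.airdns\.org$")
# Matches "tls-crypt key.file", "tls-auth key.file 1" and inline "<tls-crypt>".
MODE_RE = re.compile(r"<?(tls-auth|tls-crypt)(?=[\s>]|$)")


def parse(text):
    """Return (control-channel mode, remote hosts) from an OpenVPN client config."""
    mode, remotes = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        m = MODE_RE.match(line)
        words = line.split()
        if m:
            mode = m.group(1)
        elif words[0] == "remote" and len(words) > 1:
            remotes.append(words[1].lower())
    return mode, remotes


def check(text):
    """List remotes whose entry number does not fit a tls-crypt config."""
    mode, remotes = parse(text)
    findings = []
    for host in remotes:
        m = HOST_RE.match(host)
        if not m:
            continue  # bare IP or other name: entry number cannot be inferred
        entry = int(m.group(1) or 1)
        if mode == "tls-crypt" and entry not in (3, 4):
            findings.append(f"{host}: tls-crypt needs entry 3 or 4, hostname is entry {entry}")
    return findings


if __name__ == "__main__":
    print(check(SAMPLE_MISMATCH) or "no mismatch found")
```
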
salacronix 1 Posted ...

> 6 minutes ago, OpenSourcerer said:
> Enchanted netherite armor, straight outta hell. Cut the salt, please. You too, Mr. go558a83nk. Yes. To get the tls-crypt address, use nl3.vpn.airdns.org. For more DNS tricks, refer to the server IP FAQ entry. I too believe this to be the reason why it doesn't seem to work, give it a try.

pfSense still doesn't like it. Thanks for the help, I will just fall back to the Eddie setup for now. 😊